
March summary - 2017-03

03 March

Social

Tech

  • Security & AI
    • The scope is wider, with these insidious trends:
      • AI can find the most efficient way to influence you by analysing your tweets, Facebook activity and so on...
    • Breaking Google security with Google services! ReCaptcha broken with AI https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/
    • A very well-informed podcast on the subject: Risky Business, "Machine Learning: Woot or woo?" https://risky.biz/RB449/ (other episodes also mention AI).
      • The key point is that neural networks will find solutions that are not human-understandable. Of course, you can look at what the network does. You have access to all the intermediate steps and all the variables, unlike with a real brain, for example. But that does not mean that the operations will make sense to you. Unless you are applying neural networks to trivial physical data, like the position, speed and mass of a ball, you will not end up with a nice equation showing that the speed is proportional to the weight and not to its color, for example. You end up blindly trusting a system that is somehow better than you. But AI fails in unexpected ways that we might learn the hard way (and hackers may learn faster).


Popular posts from this blog

VirtualBox, CentOS, Network and Template

I have been working with VirtualBox and CentOS recently, here are some notes about this experience.
I used VirtualBox 4.2 and CentOS 6.3, but most of this should work with other products too. I created the first headless, minimal CentOS via NetInstall.
I cover two points: create a template machine and configure the Network.
Configure the Network
We want Internet access and a LAN local to the host.
For background information read: Networking in VirtualBox by Fat Bloke on June 2012.
The easiest is to enable two Network Adapters: One will be "Host-only" and the second "Nat". In the "Preference" menu you can see the DHCP server range for the Host-only Network. So you may set fixed addresses outside this range.
Next: start the guest. There may be various results at first, depending on a lot of things. Some problems might be solved by rm -f /etc/udev/rules.d/70-persistent-net.rules and a reboot.
Anyway, configure the two interfaces (set your own IP and MAC addresses)…

One in six IT projects ends up ‘out of control’

http://www.ox.ac.uk/media/news_stories/2011/110822_1.html

A surprisingly high number of projects are 'ticking time bombs', according to researchers at the University of Oxford. They analysed 1,500 global projects that had revamped their information technology systems within the last 10 years. They discovered that one in six projects in the sample went over budget by an average of 200 per cent (in real terms) or overran by an average of almost 70 per cent.

Their conclusion is similar to previous studies: http://brunovernay.blogspot.com/2009/10/excellent-studies-on-software-quality.html

TLS: Disabling legacy cipher suites

First: "A cipher suite is a named combination of authentication, encryption, and message authentication code (MAC) algorithms".
If you are using TLS (for HTTPS typically) you may want to remove some cipher suites. You may be a little bit less compatible, but also a bit more secure. Things will be better when TLS 1.2 is implemented everywhere.
You can also claim to be FIPS 140 compliant (http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf)!
How to do it:
From the command line: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization
From code: http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites(java.lang.String%5B%5D)
Jetty: http://wiki.eclipse.org/Jetty/Howto/CipherSuites
Tomcat: Look at the "ciphers" attribute in http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
If someone knows how to do it on the IBM J9 via configuration, I am interested.
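
An added example (not code from the original post) of the "from code" route through SSLSocket.setEnabledCipherSuites: it filters the suites the JVM enables by default against a deny-list and applies the result to a socket. The class name, helper names and the list of name fragments are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class LegacyCipherFilter {
    // Assumed deny-list of name fragments marking legacy suites; tune it to your policy.
    private static final String[] LEGACY_MARKERS = {
        "_NULL_", "_ANON_", "_EXPORT", "_RC4_", "_DES_", "_3DES_", "_MD5"
    };

    static boolean isLegacy(String suite) {
        String name = suite.toUpperCase(Locale.ROOT); // JSSE writes "anon" in lower case
        for (String marker : LEGACY_MARKERS) {
            if (name.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    // Keep the JVM's own preference order, drop only the legacy entries.
    static String[] withoutLegacy(String[] suites) {
        List<String> kept = new ArrayList<String>();
        for (String suite : suites) {
            if (!isLegacy(suite)) {
                kept.add(suite);
            }
        }
        if (kept.isEmpty()) {
            // Fail early rather than configure a socket with no usable suite.
            throw new IllegalStateException("policy removed every cipher suite");
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Unconnected socket: enough to read and set the enabled suites offline.
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            socket.setEnabledCipherSuites(withoutLegacy(socket.getEnabledCipherSuites()));
            for (String suite : socket.getEnabledCipherSuites()) {
                System.out.println(suite);
            }
        }
    }
}
```

Running it prints the suites that remain enabled, which is a quick way to check what a given JVM would still offer after the filter.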